Lucene search

K
freebsdFreeBSD24B64FB0-AF1D-11DD-8A16-001B1116B350
HistoryNov 08, 2008 - 12:00 a.m.

clamav -- off-by-one heap overflow in VBA project parser

2008-11-0800:00:00
vuxml.freebsd.org
24

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.054

Percentile

93.1%

Advisory from Moritz Jodeit, November 8th, 2008:

ClamAV contains an off-by-one heap overflow vulnerability
in the code responsible for parsing VBA project files.
Successful exploitation could allow an attacker to execute
arbitrary code with the privileges of the `clamd’ process by
sending an email with a prepared attachment.
A VBA project file embedded inside an OLE2 office document
send as an attachment can trigger the off-by-one.

Entry from Thu Oct 30 13:52:42 CET 2008 (acab) in ChangeLog:

libclamav/vba_extract.c: get_unicode_name off-by-one,
bb#1239 reported by Moritz Jodeit >moritz*jodeit.org<

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchclamav< 0.94.1UNKNOWN
FreeBSDanynoarchclamav-devel< 20081105UNKNOWN

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.054

Percentile

93.1%